The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Iglooftp | Iglooftp | 0.6.1 (including) | 0.6.1 (including) |